Fresenius Medical Care is seeking a Principal Analyst for their Cyber Security Operations team. The role involves leading the engineering and development of advanced detection and threat analytics capabilities, focusing on security automation and integration of security tools.
Responsibilities:
- Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines
- Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions)
- Integrate security tools and platforms using APIs, scripting, and microservices
- Improve MTTR and reduce operational overhead through intelligent automation, partnering closely with Security Engineering, IT Operations, and Cloud Teams
- Develop KPIs to measure automation impact and report operational improvements
- Lead POCs for new automation platforms and evaluate opportunities for AI-based operations
- Provide mentorship and code reviews for automation engineers and analysts
- Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility
- Integrate AI/ML-driven detection capabilities into existing pipelines, validating model performance and reducing false positives
- Maintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems
- Lead the design, implementation, and optimization of enterprise-wide detection content, including correlation rules, behavioral analytics, machine-learning-assisted detections, and anomaly models
- Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats
- Tune, optimize, and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data)
- Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices
- Serve as a senior escalation point for complex security incidents and investigations
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience)
- 5+ years in automation engineering, SOAR engineering, or DevSecOps
- Strong scripting/programming experience (Python required; PowerShell, Go, or NodeJS a plus)
- Hands-on experience with SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation)
- Hands-on experience with API integrations and REST/JSON workflows
- Hands-on experience with CI/CD tools (GitHub, GitLab, Azure DevOps)
- Deep understanding of SOC processes, alerting workflows, and incident response
- Experience integrating EDR, VM, identity, and cloud security tools
- Experience with AI-driven automation or LLM-assisted workflow design
- Certifications: GCSA, GCFA, GCIH, scripting/DevOps certs
- Experience in hybrid or multi-cloud environments